'Tallinn Manual 2.0'—the rulebook for cyberwar

June 3, 2017 by Michel Moutot

The Tallinn Manual was among the hot topics this week as over 500 IT security experts from across the globe gathered at NATO's Cycon cyber security conference in the Estonian capital

With ransomware like "WannaCry" sowing chaos worldwide and global powers accusing rivals of using cyberattacks to interfere in domestic politics, the latest edition of the world's only book laying down the law in cyberspace could not be more timely.

The Tallinn Manual 2.0 is a unique collection of law on cyber-conflict, says Professor Michael Schmitt from the UK's University of Exeter, who led work on the tome.

Published by Cambridge University Press and first compiled by a team of 19 experts in 2013, the latest updated edition aims to pin down the rules that governments should follow when doing battle in virtual reality.

The manual was among the hot topics this week as over 500 IT security experts from across the globe gathered at NATO's Cycon cyber security conference in Tallinn.

Launched in 2009, the annual event is organised by NATO's Cooperative Cyber Defence Centre of Excellence based in the Estonian capital.

In 2007, Estonia was among the first countries to suffer a massive cyber attack, with authorities in Tallinn blaming the Baltic state's Soviet-era master Russia.

"The very next year, in the war between Russia and Georgia, again we saw a lot of cyber activity," said Schmitt, speaking to AFP at Cycon.

Estonia was targeted just three years after it joined NATO and the EU in 2004.

The attack raised a slew serious questions about how to apply and enforce NATO's Article 5 collective defence guarantee in cyberspace, said Schmitt, who also chairs the Stockton Center for the Study of International Law at the United States Naval War College.

He said that NATO allies faced an unprecedented dilemma: did the attack "mean that NATO states had to somehow come to the rescue of Estonia or not?"

Was it "an attack on the civilian population, a violation of international humanitarian law or not? No one had the answers," he added.

"Because of that (attack) the international community started looking at cyber, going: 'Oh my God, I can't answer any question!' That's why this manual was started."

'Digital wild west'

Schmitt says his team's work is intended to tame the "digital wild west" that emerged with the advent of cyberspace.

But the virtually limitless range of possibilities in cyber-conflict raises a long laundry list of legal questions and dilemmas and the Tallinn Manual certainly cannot answer them all.

The legal experts, mostly professors of international law, filled its 642 pages with existing jurisprudence applying to cyberspace from across the globe, and did not shy away from laying out conflicting views on certain issues.

For example: should cyber-espionage be subject to the same laws as conventional spying? Can a state obtain the online IDs and passwords of prisoners of war and use them?

Does a cyberattack trigger a legitimate right to self-defence? Can you retaliate? What kind of status do victims have? What can you do when there is no evidence to prove guilt when attackers can easily cover their tracks?

"This book is intended to be a secondary source of law: it explains the law, but it doesn't create it. States make law," Schmitt told AFP.

"My goal is that this books sits on the desk of every legal advisor for defence and foreign ministers, the intelligence services, so that legal advisors can sit with policy makers and say: in this situation, we can do this, or the law is not clear, you need to make a political decision here.

"But at least the discussion is mature. It's not 'oh my God, what's happening to us?'."

Thirty-three countries are attending NATO's largest ever cyberdrill in Estonia, focusing on malware in tablets and how infected devices may compromise data privacy for staff of the world's biggest military alliance.

Three hundred global cyber experts gathered in Tallinn Tuesday for a NATO Cyber Conflict conference focused on the legal and political aspects of national and global Internet security amid a rise in attacks.

Russia's alleged computer hacking to interfere in US elections was no act of war, but exploited a legal grey zone that makes justifying retaliation hard, international lawyers specializing in cyber issues said Wednesday.

NATO wants to beef up its cyber defence capabilities with the creation of a special task force to detect and respond to Internet attacks, an alliance expert said Wednesday at a conference on cyber security here.

Recommended for you

It's a safe bet that some of the websites and apps you use collect and subsequently sell your personal data. But how can you know which ones? An EPFL researcher has led the development of a program that can answer that question ...

Researchers from North Carolina State University have developed the first unmanned, fixed-wing aircraft that is capable of traveling both through the air and under the water – transitioning repeatedly between sky and sea. ...

University of Washington engineers have turned tissue paper – similar to toilet tissue – into a new kind of wearable sensor that can detect a pulse, a blink of an eye and other human movement. The sensor is light, flexible ...

A team of researchers led by Northwestern University professor and fuel cell pioneer Sossina Haile has created a new fuel cell offering both exceptional power densities and long-term stability at optimal temperatures, a discovery ...

Previous interactions can affect unrelated future decisions: In a line at a coffee shop, a stranger pays for the coffee of the man behind her, who then pays for the next stranger's coffee. He's had no interaction with other ...

0 comments

Please sign in to add a comment.
Registration is free, and takes less than a minute.
Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.